CVE-2023-41164

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 3, 2023
Updated: Apr 20, 2024
CWE ID 1284

Summary

CVE-2023-41164 is a denial-of-service vulnerability affecting Django versions 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5. Malicious inputs containing a large number of Unicode characters can cause the django.utils.encoding.uri_to_iri() function to consume excessive system resources, resulting in a denial-of-service condition. This issue may lead to server overload and potential service disruption. It is recommended that affected Django users upgrade to the latest stable version to mitigate this vulnerability.
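A small audit helper, added here as an example and not taken from the advisory or from the Django project: it checks whether a Django version string falls inside the affected ranges listed above. The version strings, the AFFECTED_RANGES table layout and the function names are the example's own; a series the advisory does not name (such as 4.0 or 5.x) is simply reported as not listed.

```python
# Added example: is a given Django version inside the ranges CVE-2023-41164 lists?
from typing import Optional, Tuple

# (affected minor series) -> first fixed release, copied from the advisory summary
AFFECTED_RANGES = {
    (3, 2): (3, 2, 21),
    (4, 1): (4, 1, 11),
    (4, 2): (4, 2, 5),
}


def parse_version(version: str) -> Tuple[int, int, int]:
    """Turn 'X.Y' or 'X.Y.Z' into a 3-tuple of ints.

    A trailing pre-release tag ('4.2rc1', '4.2.1a1') is dropped from the
    component it is attached to, so '4.2rc1' sorts as (4, 2, 0), i.e. before
    every 4.2.x patch release, which is the conservative reading.
    """
    parts = []
    for piece in version.strip().split(".")[:3]:
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            raise ValueError(f"unparseable version component: {piece!r}")
        parts.append(int(digits))
    while len(parts) < 3:
        parts.append(0)
    return (parts[0], parts[1], parts[2])


def fixed_release(version: str) -> Optional[str]:
    """First fixed release for this version's series, or None if not listed."""
    fixed = AFFECTED_RANGES.get(parse_version(version)[:2])
    return ".".join(map(str, fixed)) if fixed else None


def is_affected(version: str) -> bool:
    """True when the version is in a listed series and older than its fix."""
    parsed = parse_version(version)
    fixed = AFFECTED_RANGES.get(parsed[:2])
    if fixed is None:
        # Series not named by the advisory: reported as not affected here;
        # verify separately against the vendor release notes.
        return False
    return parsed < fixed
```

On a live deployment, feed it the real installed version with is_affected(django.get_version()).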



Affected Products

  • Django
  • Fedora Operating System

Affected Vendors

  • Django Software Foundation
  • Fedora Project